On the h4xx0ring of p4sswordZ

Today, I will be discussing recent happy developments in the profitable and entertaining field of stealing other
people's Internet passwords.

This used to be quite annoying. Every now and then some idiot would leave ftp.someidiot.com/secret/passwords.txt
just sitting there in plaintext, not the
salted password
hashes that they should have saved.

But usually it wasn't easy to get the hashed passwords, and then it was unacceptably
computationally expensive for us to
brute-force our way through passwords of ever-increasing
length until we found some that matched the hashes. Brute-force cracking is getting
faster and faster, but if
the brute-forcing time for an 80486 was "one googolplex years",
then even if modern hardware can do it a million times as fast, you're still not appreciably closer to the target.

Password hashes still aren't usually salted, of course, which is great. This is the sort of thing that gives computer
criminals a reason to get up in the morning; it's one of the great scandals of computing, like how programs still
have buffer-overflow vulnerabilities even though that
was a solved problem when colour monitors were a luxury.

(Even today, practical IT security can involve the ignoble surrender of making buffer-overflow attacks
more difficult, rather than fixing
the code that makes them possible.)

If someone generates a pseudorandom several-character
salt and adds it to the password before they hash it, there'll be no
known hashes
for us to use and instantly get the password.

There are also several well-known more-processor-intensive hashing
systems. They don't put a significant extra load on a system that
only has to deal with dozens, or even thousands, of new user accounts per hour, but they make brute-force guessing
of passwords to match known hashed values take millions of times as long.

Fortunately, a ridiculous number of Web sites and other password systems stick with the old password-hash systems
like SHA-1, which were a good idea when a 486 was a fast PC, but
which are becoming less and less of a good idea
now.

We, the computer criminals, can avoid the problems with brute-force attacks by doing
dictionary attacks - trying words from a list, including
both actual real "dictionary words" and common modifications and combinations of those words. That finds the people
who thought "passw0rd1" or "jamesbond007" were good enough.

But many passwords are still too complicated for this to work, in which case we had to go back to pure brute-force.
And if a password's reasonably long, brute-force remains too slow even when you're running at blinding speed against
some file on your own system, let alone if you're trying to use a similar attack against some distant server.

Then affordable computers with gigabytes of RAM and fast CPUs came along, allowing the creation of "rainbowtables". A rainbow table provides the effect of reversing the hash of every possible password
of a given length, without requiring impossible amounts of storage space. The storage requirements for rainbow tables
were still impossible for a long time, but now that gigabytes of RAM and hundreds of gigabytes of disk space are cheap,
the poorest among our criminal brethren can afford them.

You don't need rainbow tables for increasingly long passwords any more, though. Faster CPUs and
reprogrammable graphics cards have helped us a lot in this area.
Brute-force password-cracking boxes used to have to be supercomputers, then they had to be weird things built out
of ASICs and
FPGAs at universities and intelligence agencies.
Now you can create rainbow tables or ignore them entirely and just brute-force from scratch with a normal PC and a
few midrange graphics cards, or
a box full of said cards
if you're fancy.

If you've got a handy botnet to do your bidding, things become
even easier. (I wonder if any of you clever little monkeys have used Amazon's
EC2 cloud computing system to
attack
Amazon accounts?)

What's really great, though, is how much both users and operators of passworded Web sites help us out.

Users are often required to use their e-mail address as a username. And they also, delightfully, tend to
use the same password
for multiple sites.

If a user only uses duplicate logins on unimportant sites, then it's not much use to us. Cracking someone's accounts
on IMDB and
The Pirate Bay and BrickSet
only let you give every Rob Schneider
movie ten stars, leave adulatory comments about torrents of Belgian cuttlefish pr0n, and say you really wish Lego
would bring back
Fabuland.

If a given person's login to comment on a poorly-secured crocheting blog is the same as their login for PayPal,
though, we're in business!

The big password leaks are great for us in another way, too: They let us see
the kinds of passwords that
people like to use. This means huge swathes of the brute-force password space can be left to the if-all-else-fails
very end of the cracking process. We've now got giant dictionaries of actual passwords, and
heuristics to mutate them into other likely candidates, which
we can use before slow brute force.

If you're happy with cracking only a quarter of the accounts you attack, you can now get it done before your laptop
battery goes flat. (Then later you can brute-force a few of the hard ones, to see if there are more patterns to be
harvested!)

I'd especially like to congratulate those among us who, clearly, are responsible for almost all online "password
strength tester" sites.

Your average schmuck thinks those sites may actually save the passwords people type into them, for later misuse.
That's possible, but terribly unimaginative. These sites' real purpose is, of course, to give good ratings
to terrible passwords, like "jamesbond007".

The checker at Online Domain Tools has a dictionary-attack
function. You have to click a button to use it, but if you do then it'll note that "passw0rd" is guessable because
it's just a leet-speak version of "password". This basic level of
password-checker functionality is, thankfully, rare.

(One of you busy little bees has probably also made sure your password-cracking dictionary-permutator takes into
account that most brilliant password obfuscator that everybody thinks they're the first to have thought of, typing
a simple password with fingers offset by one key on the keyboard. Converting "snoopdogg" into "dmpp[fphh" that way
will slow down one of us professional miscreants about as much as sticking the Post-it with your password written
on it to the underside of a drawer. Or hiding your drugs and money in the toilet cistern, for that matter.)

The Online Domain Tools dictionary-checker also flags "jamesbond007", because both "james" and "bond007" are in
its dictionary. It still evaluates the password as "Medium", though. Oh, and it also warns if you've picked one of
the top ten thousand passwords (from this list,
I think).

On the other hand, though, my Reddit password might be, but isn't, "iki37nnplq". The Online Domain Tools dictionary
attack checker thinks that's unsafe because "iki",
"nn" and "plq" are all dictionary words. This may be the case, but only if your dictionary contains a large number
of two- and three-letter strings that do not resemble actual human words.

(Further exploration of this phenomenon with five pseudorandom-generated - not just mashing-the-keyboard - strings
of ten letters was similarly amusing. "ZfXdSXZRco", "iZBPOYLdiQ" and "fNyUTeIZGJ" all rated as "Safe!", but "ZfXdSXZRco"
and "yKRmKiXiNR" were both "Not safe!" on the grounds of containing three dictionary words. In the latter case, two
of the dictionary words were alleged to be reversed. They were, of course, the well-known words "RNiX" and "RKy".)

The accurately-titled Yet Another Password Meter says jamesbond007
is "Very Weak", but only because it lacks upper-case letters, symbols, and symbols in the middle of the password.
Rectify those mistakes by changing it to "Jame$bond007" and now it's "Strong"! Online Domain Tools reckons "Jame$bond007"
is "fairly good", with no warnings at all.

My1login's irritating reliability continued when I tried "vingospib" - that got a "Medium", because it's not very
long. Then "golobowobs" got "Strong", because it's longer. Trying "mysupersecretpassword" resulted in a "Very Weak",
"because it contains a dictionary word and 3 common passwords".

We can't even try to overload the My1login tester by feeding it very very long passwords, because it seems to do
its computation on the client side. Super-long passwords will give your browser a lot to think about, as the "time
to crack" number becomes more and more outrageous. When I tried an extremely sensible password composed of
229 characters of keyboard-mashing, for instance, it scored a time-to-crack of "515 billion trillion trillion trillion trillion trillion trillion trillion
trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion
trillion years". And you can keep on typing if you like. (I don't know what the ceiling password length is, but
500 words of Lorem Ipsum
made it unhappy.)

Is My1login's Password Generator just as good, my
fellow criminals may mow be worrying, or does it generate impossible-to-remember character-salads that are only any
use if you're using a password-management service like, for instance, My1login?

Ah.

Well, at least there's that.

(A gratifyingly large number of Web sites also still give us that most invitingly wide-open of back doors: Password-recovery "security questions" that
are
a matter of public record.)

Nonsense words like "Pingoflorble",
and multi-word passphrases with no fancy substitutions like "speaker cup cable junction" or the famous xkcd "correct
horse battery staple", are easy to remember, moderately easy to use and damn near impossible to crack.

Fortunately, to a first approximation, nobody uses them. So we don't have to worry.

We're like burglars passing over the place with the window-bars and alarm stickers in favour of kicking through
the fibro next to the security door of the house down the road.

As long as most users stick with fibro walls, other people's identities will continue to fund our lavish lifestyles.

And now, friends, it's time for the traditional Courvoisier drinking competition. And then perhaps a little Lambo
racing!